THE OMNI SHOW

Andrew J. Mason: You're listening to the Omni show. Get to know the people and stories behind the Omni group's award-winning productivity apps for Mac and iOS. My name's Andrew J. Mason and today we talk with Ken case CEO of the Omni group for part one of our two part privacy episode special.

Andrew J. Mason: Well, hello everybody and welcome to the Omni show. We are so excited to be able to have a special focus two part episode on privacy. Today, we'll be talking to the CEO of the Omni group, Ken Case, about what Omni does with our data. And next episode, we'll be adding the executive director of the Electronic Frontier Foundation, Cindy Cohn to the conversation.

Andrew J. Mason: Ken, very cool topic and excited to have you with us today. Thanks for joining.

Ken Case: Hello. Thank you. It's always fun to talk with you.

Andrew J. Mason: I'm so grateful to be able to spend some time to pick this apart because there's really interesting stuff happening on the landscape of iOS in particular. And this is super exciting, because Apple's announced some stuff that's going to be affecting the software landscape for potentially years to come. Ken, can you catch us up in what's happening in the software landscape specifically from Apple's front right now?

Ken Case: Well, through the whole release cycle of iOS 14, Apple has been introducing stronger and stronger protections for customers around how their data is being used and their privacy. And so, in January they released a version of iOS 14, the updated Quitch, required privacy labels in the app store and started asking that all app developers, including us, as we submit updates to the app store, we include disclosures that say, "Here are the kinds of data we collect, the people who are using our software, and here's how we use that data." That was phase one.

Ken Case: And now this most recent phase that Apple is doing is they are actually prompting users before they install an app, rather than just disclosing it in the app store, and you can scroll and find it. They will prompt you and say, "Is this okay?" And making sure that you understand what you're agreeing to.

Andrew J. Mason: Now, I love this built in education because users are seeing a dialog box and it's such an insignificant thing. It's a dialog box, but the way this dialogue box is being presented as almost like the kid now that has to ask the parents and he knew they were going to say no in advance. So it's better not just to ask them anyway. Is this a good decision on Apple's part?

Ken Case: Oh, absolutely. I think for a while now, a lot of the ways that money has been made in the app store has not been in the direct way that you would expect where people enjoy the value of something, so they pay for it and they buy the app and they get this thing. But instead, it has been those app makers selling information about their users to third parties, typically you to fund some sort of advertising profiling about those people, so that more targeted ads can be sent their way in all sorts of different contexts, not even necessarily in that app, but used elsewhere later.

Andrew J. Mason: Maybe I'm stereotyping too broadly, but I tend to believe that if you're given the decision between yes by default or no by default, most people are going to say no when asked if they want to be tracked.

Ken Case: Yeah. It seems like a likely default choice for some people. I think some people don't care. They're happy to say, "Yeah. Okay. It's worth it to me to play this game for free. I'll accept whatever they're profiling me about," and Apple's not taking away that choice. They're just making sure that people get to make an informed choice about what it is. And it's interesting when you open one of these apps and you see this disclosure of just how much information they're collecting and what uses they're putting it to.

Andrew J. Mason: Would you perceive a change of this magnitude possibly coming to the Mac OS as well?

Ken Case: I think it's certainly feasible for the Mac OS app store, the Mac app store, that I could imagine doing these exact same thing there. In fact, I don't know why they wouldn't. Let's put it that way. You're already buying from Apple. You're installing it through that experience. Of course the Mac has other software channels available and I don't think it would be part of Apple's ethos to try to interfere in those other channels or regulate that.

Ken Case: How would they even know what software? They don't have a review process on that software. Let's put it that way. And so it would be hard for them to stand behind any such statements. And I don't know that they can exactly stand behind the statements that are currently in the app store. It's self-reported. It's sort of the honor system, but there are some teeth to it where if you self report something along these lines, and then you get caught violating it, then you can be sued for it.

Andrew J. Mason: It's so wild because this one change has entire software companies retooling, scrambling to recode, and in some cases rethinking their entire business model completely. Why is that?

Ken Case: Well, that's a good question. I think a lot of companies found that as they were building their software, they really wanted to collect information about how their users were using that software. And so they just went and integrated these third party analytics tools or other sorts of things that made it easy to track all sorts of things about the app. And they didn't necessarily even pay attention to what was being tracked. They just knew that it was being tracked, and then they could kind of look at the graphs later and see here's what's been tracked. That's in the most innocent case where all they wanted to do is know how their app was being used and they weren't trying to monetize it.

Ken Case: Sometimes it goes further, and the only reason that they put this technology or these trackers into the app is because somebody made an offer to them and said, "Hey, look. You could be making twice as much money with your app if you just integrate our SDK. You don't have to worry about it. We'll just be giving you an extra money every month." And that's attractive for some people. We certainly had people approach us with that offer, that they looked at the popularity of our apps on the app store and they're like, "Hey, can we talk you into integrating this code into your app and we'll pay you some money for that?" And, "No," is the answer from us, but I can see other companies struggling over that decision.

Andrew J. Mason: Which brings us to the main point. I consider this to be the question of the podcast. How does this affect the Omni group?

Ken Case: So this change, we didn't have to change anything about our code. Let's put it that way. Our apps are exactly the same apps that we had. All we had to do is think through the list of things we were doing in or apps and make sure that we were disclosing everything to our customers. So what is it that we do in our apps? Well, we want to know what you've purchased so that we can offer you those features in the app. And that's basically the extent of what it is. We check your in-app purchases, and we associate those with your login, so that when you log into any copy of our apps, wherever you are, if you subscribe on an iPhone, you can still use that subscription on your Mac, for example. So we associate that with your identity, to the extent that you have this login, but we're not clicking any other information about you.

Ken Case: We don't care how old you are. We don't care where you live. All of those sorts of details that advertisers and trackers often do want to collect, that's just not part of our model. So of course that's not anything that we collect and we didn't have to disclose anything else. And Apple breaks up the disclosure information into two categories. They have, here's the information that you're collecting in order to serve the functions of the app, enable functionality, in the app, and here are the things that are not strictly about functionality. And of course, these two things that we are tracking, your login and your purchases, are base parts of the functionality.

Andrew J. Mason: Now, I do want to camp out on this concept for a little while, because, personally, I don't share this a ton, but I do use OmniFocus for other non-task related things, reference, vision casting, audio journals, future-oriented stuff; there's a lot of personal information in there for me. And so you're saying that outside of like a crash scenario, because I'm on the Omni beta, nobody really sees this data?

Ken Case: Yeah, exactly. In fact, what we've done to protect customer data ... We consider each customer's data to be their own. Your data is your own. And that manifests itself in several ways in our apps. But one of the ways is if you're syncing to our servers, if you're syncing your OmniFocus database to the Omni Sync servers, we encrypt that data before it leaves your device, and we encrypt them with keys that are only available to your devices, not to us. And so we can't decrypt that anywhere else because we don't want access to that data. It's your data. It's not our data. And we don't want to be a target to happen for hackers trying to break into your data or anything else. If we don't have access to it, they're not going to have access to it if they did get the same access as we do.

Ken Case: So it's less of a worry for us, and hopefully it's less of a worry for you. So we spent a lot of time building this end to end encryption technology into our apps. It's sometimes inconvenient, like in this tech support scenario where somebody needs some help with something in their database. Well, because we don't have that access, our customer support team has to send authorization requests to our servers, and that doesn't just authorize them through our servers. What it actually does is it sends a request all the way to the customer where they have to now approve that request in the app, which then effectively, temporarily unencrypts their database so that our tech support team can work with it. And when we do that, we actually set it so that the customer no longer has access to it. So it's really clear to them that it's still on this unencrypted state until we finish our work, and then we send a signal back to the customer's device to say, "Okay, we're done," and now it re-encrypts it with the keys that we don't have, and the process is complete.

Andrew J. Mason: It's so important that people understand that the easiest route to programming software, sometimes the straight line from A to Z, isn't necessarily the route that you need to take that respects people's privacy the best. And so the Omni Group has sometimes taken the zigzag around, painstakingly adding in privacy respecting features into the software, when it would have been easier to maybe just program it as is, straight out, without really giving regard to a person's privacy. I have to respect that, especially when programming the software in terms of manpower would have been so much easier just to let privacy fall by the wayside.

Ken Case: Yeah. Well, we spent years on that, on that problem. Let's put it that way. We could have moved on to other features long ago if we had decided we didn't care about privacy and we would just build all that stuff into our own server side of things. And it did make some things more awkward when we talked about how do we want to integrate our, for example, mail drop feature, where you can send email to OmniFocus? Well, the email system is not encrypted, but we have to encrypt it as if it's your data. So we're actually using ...

Ken Case: And now that I think about it, maybe I misspoke earlier. We're using public key encryption. So we're encrypting it with a public key that lets us write data that we cannot read ourselves, that can be read by your device. And that may be actually how the tech support transaction completes, is that we read encrypt it with that public key, such that your private key is the only thing that can decode it.

Ken Case: I should note, this means that when you use OmniFocus for the web in particular, you have to provide that key as part of your sign-in in the web browser, because we don't have it. We give people the option to set that key separately from their account password, for example. Their encryption password is different. And so when you go to OmniFocus for the web, you might get prompted for your account login and then separately prompted for your encryption passphrase, because we need to be able to decode that in that context. Again, we don't want it ourselves, but OmniFocus for the web does need to have it.

Andrew J. Mason: I'll go ahead and drop this as a little teaser. We mentioned that this is part one of a privacy focused episode. Part two, we actually have Cindy Cohn from the Electronic Frontier Foundation. So excited to be able to have her input on the importance of privacy, so looking forward to that conversation. And I plan on throwing this question her way, but I wanted to get your take on it, Ken. When it comes to software and privacy, how do people just become more aware of what they're doing and how the choices that they make in regards of privacy affects them? How do we arm ourselves with the right information?

Ken Case: Yeah. That's a good question. So obviously the steps that Apple is taking right now with these privacy labels is one helpful step in letting you know, at least disclosing to you, what is happening with your data in particular apps, and maybe lets you steer between different apps and decide, "Well, this one is more careful with my privacy than that one. And so I'll go ahead and spend more time in the one that values my privacy." Those are some such decisions now that you can make.

Ken Case: I think it's also worth thinking about what data you're putting into the apps and where that data is going, how it's being stored, and who has access to it. So I've talked a little bit about how that works in OmniFocus. And one of the things I didn't mention is that we've also always, before we had encryption built into the app, we had support for you deciding where that data lived. So we still wouldn't have access to it. You could sync it to any server you chose, you could self host if you didn't want anyone else to have access to it, or maybe your company has a server that you trust this data on, or maybe there's some third party web dev provider that you could trust. You could use any of those places to sync your OmniFocus focus data. You didn't have to go through us.

Ken Case: So if you look for those sorts of choices in the apps that you're using, like does it give you the flexibility to sync over multiple cloud seeking services so that you can choose the cloud saving service that you trust the most, whether that's iCloud or Box or something else, that you then get to make that choice of where your data lives, and that's one way to help protect it.

Andrew J. Mason: A lot of this really does come to the power of decision and the fact that Apple's putting this decision at the operating system level, giving users the ability to say consciously, "Yes. I do," or, "No. I don't." And putting that choice back in people's hands is one of the most important things.

Ken Case: Yeah, absolutely. Because the best choice for me is not the best choice for you. I may be totally happy to self host my own web dev server instead of it somewhere in the cloud and do all of that, and it doesn't make any sense for a school to do that. Maybe if they're storing data, they don't necessarily want to run their own servers. They might worry that their servers are going to get hacked because they're don't have security professionals in there that are running them. They would rather have their data stored on some professionally hosted platform. Let's give whoever's using the software the choice of where they put it.

Andrew J. Mason: Here's the question I am planning on asking Cindy next episode as well. I'd love your take on it, though. What are you saying to the person that is just resigned to, "I think that privacy's dead. We should all just be okay with letting larger tech companies have control over our data. It's out there anyway, the toothpaste is out of the tube, and we should all just be okay with our data being collected and however it's collected and used, however it's used and no big deal." And yet, I knew that the existence of the Omni Group is very proof against that. I'd still love your take on that.

Ken Case: Yeah. There was a time- what was it? 15 years ago?- where the then CEO of Google came out and basically said, "Get over it. Privacy's dead. That's not a thing anymore." And that was a discouraging error for me as a technologist in this field who has been always working hard to try to preserve our customer's privacy, that I don't think the world needs to be that way. We built one of the early web browsers and we intentionally designed it to give the user agency and control over where they're being tracked, what kind of data, what kind of cookies are being stored, whether they want to keep them or not, all that kind of stuff is, I think, an important- Well, Apple refers to, I think, as a fundamental human right, that privacy [inaudible 00:15:16]. We've always felt that way as well.

Andrew J. Mason: I am curious because last time we talked, we talked about one of the latest features of Omni Automation being able to handle user credentialed information and sensitive data, and that data's flowing, I would imagine, everywhere. So how do you even handle something like API calls and passwords with something that's as expansive as Omni Automation?

Ken Case: Sure. So as people store a lot of sensitive data in our apps, we're aware of that, and we want them to be able to do that. And so, as we added these automation tools to Omni products, we were thinking about what were the kind of rules we have to have in place to make sure that somebody doesn't click on a link on a website and it opens an automation script that then exfiltrates all their data and sends it to and uploads it who knows where.

Ken Case: Because that sort of capability is now in on the automation. Step one is to approve the plugins that are being installed. When you click on a link in an app and it wants to run an Omni automation script, will present a dialogue that shows you what that script is, and you can review that script and make a decision about, do I actually want to run this or not?

Ken Case: So it's not just happening accidentally, invisibly, in the background. Once you've made that approval, if you then use the exact same script, basically we do a check sum, is the technical term, that data, so that we can tell whether anything changes about it, and if you run that same script again later, we assume that that approval still stands. And you can review what you've approved in the past so that you can remove those if you change your mind about something.

Ken Case: But we don't want it to be in your way all the time or make the feature really hard to use. So we have approvals both for installing plugins and for running their actions remotely; within the app, of course, you already have access to the data. So we don't prompt again, if you're in the app and you say, "I want to run this [inaudible 00:17:04] in action."

Ken Case: We also, as we talk about the external services where you might be storing a password to your [Jira 00:17:11] account or something, you can sync your Omni tasks with your Jira tasks. We wanted to give you a secure place to put that information so your script could get back to it and you wouldn't have to be prompted for your password every time the script runs. And so we store that information in Apple's Keychain, which is their secure vault for all of your passwords on the system.

Ken Case: That means that it's encrypted when you lock your device, that nobody has access to it that way. We also isolated so those entries can only be accessed by plugins. And one plugin cannot access the Keychain entries stored by another plugin. So each plugin has its own identifier and we store that under that plugin's identifier. Those are some of these steps that we've taken to try to make sure that as we do this sort of work, it's secure and safely.

Andrew J. Mason: That is amazing. Something that's as expansive as Omni Automation still offering that level of protection, where even though it's storing credentials, all of that's in Keychain. They're creating their own lanes on the highway; you can't change lanes, so one plugin can't dip into another's. Where can people go to find out more about Omni's stance on privacy and maybe get into some more nitty-gritty details?

Ken Case: So if you go to www.omnigroup.com/privacy, we have a page there that summarizes all of the information that we have. I mentioned earlier that the app store disclosures, I should note that the app store disclosures that really about things that we're collecting without your knowledge or without your consent on a consistent basis. If you're setting up syncing in our apps, while we have the choice of where you put that, it may not actually be going to our servers in the first place. If you choose to use our servers, then of course, that's now extra data that is being stored on our servers.

Ken Case: As I mentioned, though, we don't even have access to the data itself. We know that you're syncing, how many devices are syncing, and we know your patterns of syncing, and that's something that we want to mention on the privacy page and get into those details. But I hope that's not something that somebody is concerned about since, again, you have the choice of picking anywhere else.

Andrew J. Mason: That's killer, Ken. Thank you so much for your time with us today, again. It's always been so valuable, and for me, personally, it's always been an education, so thank you.

Ken Case: Oh, well, thank you. I appreciate the opportunity to talk about all this and hopefully if anyone has any further questions, I would love to hear from anyone who's listening, because we want to make sure we're addressing any of your concerns or questions.

Andrew J. Mason: And thank all of you for listening today. Hey, we're curious: are you enjoying the shows? Are you enjoying learning how people are getting things done utilizing Omni software and products? Drop us a line @theomnishow on Twitter. We'd love to hear from you there. You can also find out everything that's happening with the Omni Group at omnigroup.com/blog.